EP2426873B1 - Method for implementing the real time data service and real time data service system - Google Patents
- Publication number
- EP2426873B1 (EP09845443.2A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- real time
- time data
- user terminal
- data service
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Not-in-force
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
- H04L12/2869—Operational details of access network equipments
- H04L12/287—Remote access server, e.g. BRAS
- H04L12/2876—Handling of subscriber policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25808—Management of client data
- H04N21/25816—Management of client data involving client authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25866—Management of end-user data
- H04N21/25875—Management of end-user data involving end-user authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26613—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/4104—Peripherals receiving signals from specially adapted client devices
- H04N21/4126—The peripheral being portable, e.g. PDAs or mobile phones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
- H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/85—Assembly of content; Generation of multimedia applications
- H04N21/854—Content authoring
- H04N21/8549—Creating video summaries, e.g. movie trailer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/08—Access point devices
Definitions
- the present invention relates to the field of communications, and in particular to a method for implementing real time data service and a real time data service system.
- the real time data service comprises: mobile TV, video on demand, live video and the like.
- users can access the real time data service server through a real time data service client on the mobile terminal to obtain the real time service data stream, and experience the real time data service, such as browsing of the mobile TV programs, video on demand and live video.
- WLAN wireless local area networks
- the security of real time data service must be improved by adopting some WLAN authentication and protection protocol.
- WLAN authentication and privacy infrastructure (WAPI) protocol is the optimum choice.
- WAPI, which addresses the security issues of wired equivalent privacy (WEP) and other protocols in IEEE 802.11, is a WLAN security solution provided in the China WLAN National Standard GB15629.11 after repeated argumentation by multiple parties and adequate consideration of various application modes.
- in the WAPI protocol, access authentication of mobile terminals and negotiation of keys are performed mainly through the process of authentication and key management provided in the WLAN authentication infrastructure (WAI) protocol, and encrypted transmission of data in the media access control (MAC) layer is completed through the process of encryption and decryption provided in the WLAN privacy infrastructure (WPI) protocol, so as to guarantee that legal mobile terminals securely access the real time data service server.
- the authentication and key management mode based on certificate has higher security, but is more complex in process; the AP of the real time data service system needs to generate a base key for each accessed mobile terminal by adopting the elliptic curve Diffie-Hellman (ECDH) exchange algorithm, resulting in a great amount of calculation.
- the authentication and key management mode based on pre-shared key has lower security, but is simple in process; the same pre-shared key (i.e., the same base key) can be used by multiple mobile terminals, thereby reducing the amount of calculation for generating the base key and the management cost.
- Fig. 1 shows a flowchart of a method for implementing the real time data service by adopting the way of authentication and key management based on pre-shared key in the prior art, the method comprising:
- the AP opens a control port to allow the interaction between the mobile terminal and a real time data service server of the real time data service system.
- the mobile terminal interacts with the real time data service server to complete the transmission of real time data service control signalling; in this process, control signalling messages are transmitted in encrypted form between the mobile terminal and the AP by using the unicast session key obtained through negotiation in Step 102, and transmitted in plaintext or by other secure ways between the AP and the real time data service server, because the communication link between them is relatively secure.
- the control signalling comprises, for example: negotiating parameters of the real time data service, setting up an audio/video transmission channel, and starting/controlling the transmission of audio/video data of the real time data service.
- the mobile terminal sends a describe request signalling to the real time data service server through the AP, to send the media parameters supported by the mobile terminal to the real time data service server; the real time data service server sends a describe response to the mobile terminal through the AP, to send the media parameters selected by the real time data service server to the mobile terminal; and through the signalling interactions above, the mobile terminal and the real time data service server complete the negotiation of the real time data service media parameters.
- the mobile terminal sends an audio/video transmission channel setup request signalling to the real time data service server through the AP; the real time data service server sends an audio/video transmission channel setup response signalling to the mobile terminal through the AP; and through the signalling interactions above, an audio/video transmission channel is set up between the mobile terminal and real time data service server.
- the mobile terminal sends an audio/video data play control signalling, such as Play, Pause, Stop and the like, to the real time data service server through the AP, to play, pause and stop the transmission of the audio/video data.
- the real time data service server sends the audio/video data to the mobile terminal through the AP.
- the audio/video data messages can be transmitted in plaintext or by other secure ways between the AP and the real time data service server, but are transmitted in encrypted form between the AP and the mobile terminal by using the unicast session key or the multicast key obtained through negotiation in Step 102.
- control signalling messages can be transmitted at any time between the real time data service server and the mobile terminal, but the audio/video data and the control signalling are not transmitted in the same messages, i.e., the audio/video data and the control signalling are transmitted in different logic channels.
- real time data service operators can provide multiple signed users with the same pre-shared key, with which the users (the mobile terminals) can access the real time data service system to preview the real time data service.
- D1 WO 02/062054 A2 (GEN INSTRUMENT CORP [US]) 8 August 2002 (2002-08-08) discloses a method of multicasting program content to a plurality of clients by providing a first key to a group of the plurality of clients; providing a second key for use in encrypting a first portion of the program content; providing the second key encrypted to the first key to at least one of the plurality of clients; utilizing the second key at a server to encrypt a first portion of the program content; multicasting the encrypted first portion of program content to the group of clients; and permitting at least one client to decrypt the encrypted first portion of the program content with the second key.
- D2 EP 1178644 A2 (NOKIA INC [US]) 6 February 2002 (2002-02-06) discloses a method of managing security keys in a wireless local area network having a mobile terminal, an access point and a server, the method comprising the steps of: obtaining first and second certificates from a certificate authority; associating the mobile terminal with the access point; using a certificate authority certificate, first certificate and private key with Internet Key Exchange (IKE) to generate a WLAN link level key and mutually authenticating the mobile terminal and the access point using the IKE; and using a certificate authority certificate, second certificate and private key with Internet Key Exchange (IKE) to generate IPsec authentication, encryption and decryption keys for data packets transferred between the mobile terminal and the server.
- D3 EP 1589695 A1 (CHINA IWNCOMM CO LTD [CN]) 26 October 2005 (2005-10-26) discloses a method for the secure access of mobile terminal to the Wireless Local Area Network (WLAN) and for secure data communication via wireless link, wherein Mobile Terminal (MT) and Access Point (AP) perform the two-way certificate authentication through the Authentication Server (AS); and MT and AP perform negotiation of secret key for conversation.
- D4 EP 1990958 A1 (CHINA IWNCOMM CO LTD [CN]) 12 November 2008 (2008-11-12) discloses a method and apparatus for testing safety access protocol conformity of an access point, including the following steps: capturing the certification protocol data packet generated in the safety access certification procedure of the access point, and detecting and analyzing the package format and protocol flow process of the safety access protocol data packet.
- According to the present invention, the test result does not depend on the implementation of the higher layer, and a true test result can be achieved even if the implementation of a standard device is not exact, which increases the accuracy of the test result; further, the faulty part of a protocol implementation can be located accurately by capturing detailed information from protocol data packets, which adds simulation tests for possible abnormal situations and ensures that products passing the test comply with the standard and interoperate.
- D7 US 2008/133918 A1 discloses a method and apparatus of transmitting data using authentication between a first device and a second device.
- the method includes transmitting an encrypted certificate of the first device using a shared key shared by the first device and the second device, receiving authentication key generation information for generating an authentication key, which is received when it is determined that the certificate of the first device is valid and not revoked, generating a first random number and generating an authentication key based on the first random number and the authentication key generation information, and encrypting and transmitting data using the authentication key.
- D8 CN 1251442 C (GEN INSTRUMENT CORP) 12 April 2006 (2006-04-12) discloses that various distribution methods can be accomplished using encryption keys to distribute program content.
- an initial viewing period can be provided to allow negotiation of the encryption keys.
- rules and conditions for providing content in a multicasting environment can be utilized.
- D9 CN 101489094 A (SHENZHEN TONGZHOU ELECTRONIC CO LTD) 2 July 2009 (2009-07-02) discloses an encryption program ordering and preview method, a system and a front-end processing system for a digital television, wherein the digital television encryption program ordering and preview method comprises the following steps: when a user switches to an encryption program, judging whether the program is authorized; if not, directly playing a preview fragment of the encryption program or according to a user operation; the user sending an ordering request of the encryption program containing service password information of the ordering program according to the preview fragment; performing a verification treatment to the user service code, and turning on the ordering program authorization for the user after the verification.
- D10 CN 101547340 A (CHINA SCI SOFTWARE RES) 30 September 2009 (2009-09-30) discloses an undeniable charging method for a video-on-demand (VOD) system and provides an efficient user authentication method using a Hash function link.
- D11 CN 101583083 A (ZTE CORP) 18 November 2009 (2009-11-18) discloses an implementation method of real-time data service comprising the following steps: when a mobile terminal accesses a real-time data service system by adopting identification based on a pre-shared key and a key management mode, and after the AP of the real-time data service system starts to transmit an audio and video data message of real-time data service to the mobile terminal, the AP sends a signature verification request to the mobile terminal; after receiving the signature verification request, the mobile terminal generates a signature value by using a private key corresponding to a WAPI certificate of the mobile terminal and sends the signature value contained in a signature verification response to the AP; after receiving the signature verification response, the AP verifies the signature value by using a public key corresponding to the WAPI certificate; if the verification is successful, the AP continues transmitting the audio and video data message of real-time data service to the mobile terminal; and if the verification fails, the AP stops transmitting the audio and
- D12 EP 1178644 A2 (NOKIA INC) 6 February 2002 (2002-02-06) discloses a method of managing security keys in a wireless local area network having a mobile terminal, an access point and a server, the method comprising the steps of: obtaining first and second certificates from a certificate authority; associating the mobile terminal with the access point; using a certificate authority certificate, first certificate and private key with Internet Key Exchange (IKE) to generate a WLAN link level key and mutually authenticating the mobile terminal and the access point using the IKE; and using a certificate authority certificate, second certificate and private key with Internet Key Exchange (IKE) to generate IPsec authentication, encryption and decryption keys for data packets transferred between the mobile terminal and the server.
- the technical problem to be solved by the present invention is to overcome the defects of the prior art by providing a method for implementing real time data service and a real time data service system, thereby improving the security of accessing the real time data service system by adopting the way of authentication and key management based on pre-shared key.
- a method for implementing the real time data service comprises:
- the method further comprises the process of triggering the AP to perform the verification:
- the signature verification response may further comprise the WAPI certificate of the user terminal; and after receiving the signature verification response, the AP may further verify the validity of the WAPI certificate with an authentication server, and perform subsequent operations to the signature value when the WAPI certificate is valid.
- the method of generating the signature value may be:
- the AP may further pause forwarding the data messages of the real time data service to the user terminal.
- a real time data service system, which is used for providing a user terminal with real time data service, comprises: an AP and a user terminal accessing the real time data service system, wherein the AP is configured to forward data messages of the real time data service to the user terminal, verify the user terminal, continue forwarding data messages of the real time data service to the user terminal after the verification is successful, and stop forwarding the data messages of the real time data service to the user terminal when the verification fails; and the user terminal is configured to access the real time data service system by adopting a pre-shared key-based way of authentication and key management, and to cooperate with the AP for the verification; the AP is further configured to send a signature verification request to the user terminal; the user terminal is further configured to generate a signature value by using a private key corresponding to a wireless local area network authentication and privacy infrastructure (WAPI) certificate of the user terminal, and send the signature value comprised in a signature verification response to the AP; and the AP is further configured to decrypt the received signature value by using a public key
- the system further comprises a signature verification timer, which is configured to perform timing operation under control of the AP; and the AP is further configured to, when starting the verification, start the signature verification timer, and stop forwarding the data messages of the real time data service to the user terminal when the signature verification timer times out and no feedback of the verification is received from the user terminal.
- the system further comprises an authentication server, wherein the AP is further configured to, when receiving a feedback of the verification from the user terminal, verify validity of a WAPI certificate comprised in the feedback with the authentication server.
- the AP may be further configured to pause forwarding the data messages of the real time data service to the user terminal.
- the user terminal may be a mobile terminal.
- with the method and system of the present invention, when the real time data service system is accessed by adopting the way of authentication and key management based on pre-shared key, a user can be authenticated before the user obtains a large amount of service data, which effectively improves the accessing security; furthermore, free preview service data can be provided to the user at first, and after the preview, the WLAN authentication and privacy infrastructure (WAPI) certificate and signature of the user are obtained and verified by initiating a signature authentication request to the user, and charging starts, which is convenient for the user and favourable for the operators to popularize the real time data service.
- the main idea of the present invention is: a mobile terminal accesses a real time data service system by adopting the way of WAI authentication and key management based on pre-shared key, and after forwarding audio/video data messages to the mobile terminal, an AP of the real time data service system sends a signature verification request to the mobile terminal; and the AP verifies a signature value returned from the mobile terminal, and continues sending the audio/video data messages to the mobile terminal after the verification is passed, otherwise, stops sending the audio/video data messages to the mobile terminal.
- Fig. 2 shows a flowchart of a method for implementing the real time data service based on the WLAN according to an embodiment of the present invention.
- the method comprises:
- the AP opens a control port to allow the interaction between the mobile terminal and a real time data service server of the real time data service system.
- the mobile terminal interacts with the real time data service server through the AP and transmits the real time data service control signalling messages, to negotiate media parameters of the real time data service, set up an audio/video transmission channel and finally start the real time data service.
- control signalling messages after encryption are encapsulated in a MAC protocol data unit (MPDU) for transmission.
- After the real time data service is started, the real time data service server sends audio/video data messages of the real time data server to the mobile terminal through the AP.
- After receiving the audio/video data messages sent from the real time data service server to the mobile terminal, the AP encrypts the audio/video data messages by using the session key (multicast session key or unicast session key) obtained through negotiation in Step 202, encapsulates the encrypted audio/video data messages in the MPDU and sends them to the mobile terminal.
- Fig. 3 shows an encapsulation structure diagram of a MPDU of the WPI, wherein the length of MAC header field is 24 or 30 bytes; the length of session key index field is 1 byte, representing the value of unicast session key index (USKID) or multicast session key index (MSKID) or station key index (STAKeyID), i.e., the index of the session key used for encrypting the MPDU; the length of reserved field is 1 byte; the length of packet number (PN) field is 16 bytes, wherein the value of the field can be used as an initial vector (IV) required for the data encryption and decryption; MPDU data are encapsulated in the Protocol Data Unit (PDU) (i.e.
- the length of message integrity code (MIC) field is 16 bytes
- the length of Frame Check Sequence (FCS) field is 4 bytes, which is the frame check sequence of the MAC frame format.
- Fig. 3 further shows a way for encapsulating the control signalling messages and the audio/video data messages of the real time data service.
- the control signalling messages and the audio/video data messages of the real time data service are collectively called the real time data service message, which consists of a real time data service message header and the real time service data; the types of the real time service data comprise: the control signalling and the audio/video data of the real time data service.
- the real time data service message header comprises information such as the type of real time service data and the like.
- the real time data service message can be encapsulated in a transfer control protocol (TCP) message or a user datagram protocol (UDP) message for transmission.
- the TCP header and the UDP header comprise information such as port number and the like used by the real time data service.
- the TCP message and UDP message can be encapsulated in an internet protocol (IP) message for transmission.
- the IP header comprises information such as IP address and the like of the mobile terminal/the real time data service server.
- the way of encapsulating the control signalling messages and the audio/video data messages of the real time data service in the PDU field as shown in Fig. 3 is only an example, and the control signalling messages and the audio/video data messages of the real time data service can be encapsulated in other ways.
- After receiving the MPDU encapsulated with the audio/video data messages, the mobile terminal decrypts the encrypted audio/video data messages in the PDU field by using the session key (multicast session key or unicast session key) obtained through negotiation in Step 202, and then plays the audio/video data encapsulated in the audio/video data messages.
- the AP sends a signature verification request to the mobile terminal and starts a timer (which can be called a signature verification timer).
- the signature verification request sent by the AP can be a MPDU comprising a signature verification request identifier.
- the reserved field in the MPDU can serve as the signature verification request identifier. For example, when the value of the field is 1, it is indicated that the MPDU is a signature verification request, and when the field is 0, it is indicated that the MPDU is a normal MPDU encapsulated with control signalling messages or audio/video data messages.
- the PDU field of the signature verification request can comprise random numbers generated by the AP, and the mobile terminal can take the random numbers as the data to be signed, or generate the data to be signed by using the random numbers.
- the PDU field in the signature verification request can also comprise the encrypted audio/video data messages, i.e., after receiving the audio/video data sent from the real time data service server, the AP encrypts and encapsulates the audio/video data in the MPDU, sets the signature verification request identifier in the MPDU, and sends the MPDU to the mobile terminal.
- the AP can pause forwarding the audio/video data messages to the mobile terminal, and does not continue forwarding the audio/video data messages until the signature verification is passed.
- the AP can cache the audio/video data messages sent from the real time data service server to the mobile terminal.
- After receiving the signature verification request, the mobile terminal encrypts the data to be signed by using a private key corresponding to the WAPI certificate to generate a signature value, and returns a signature verification response comprising the signature value to the AP.
- the data to be signed mentioned above can be all or partial data in the PDU field of the signature verification request, as well as the HASH values of all or partial data in the PDU field.
- the data to be signed can be the random numbers themselves; and if the PDU field of the signature verification request comprises the encrypted audio/video data messages, the data to be signed can be the HASH values of the audio/video data messages.
- the data to be signed mentioned above can also be generated by the mobile terminal.
- the data to be signed can be random numbers generated by the mobile terminal.
- the mobile terminal needs to include the data to be signed in the signature verification response sent to the AP, so that the signature value can be verified by the AP.
- the signature verification response can also comprise the WAPI certificate of the mobile terminal, and the WAPI certificate comprises its corresponding public key. Indeed, if the public key of the WAPI certificate of the mobile terminal is pre-stored in the AP, the signature verification response may not comprise the WAPI certificate.
- After receiving the signature verification response, if the response comprises the WAPI certificate of the mobile terminal, the AP sends a certificate authentication request comprising the WAPI certificate to the authentication server of the real time data service system to verify the validity of the WAPI certificate.
- If the AP does not receive any signature verification response sent by the mobile terminal before the signature verification timer times out, turn to Step 212.
- After receiving the certificate authentication request, the authentication server verifies the WAPI certificate in the certificate authentication request, and includes the certificate verification result in the certificate authentication response sent to the AP.
- the AP learns the validity of the WAPI certificate according to the certificate verification result returned from the authentication server, or determines the validity of the WAPI certificate by locally verifying the WAPI certificate; if the WAPI certificate of the mobile terminal is invalid (for example, revoked or expired and the like), turn to Step 212; if the WAPI certificate is valid, the AP verifies the signature value comprised in the signature verification response by using the public key corresponding to the WAPI certificate; if the signature verification succeeds, execute Step 213; if the signature verification fails, execute Step 212.
- the process of the signature verification may comprise the following steps:
- the data to be signed can be all or partial data saved in the PDU field when sending the signature verification request by the AP, or the HASH values of all or partial data in the PDU field; the data to be signed can also be the data generated by the mobile terminal and comprised in the signature verification response.
- the AP stops forwarding the received audio/video data messages to the mobile terminal; moreover, the AP can send a real time data service stop request to the real time data service server to instruct the real time data service server to stop sending the audio/video data to the mobile terminal.
- the AP continues forwarding the audio/video data messages sent from the real time data service server to the mobile terminal.
- the AP can also directly drop the received audio/video data messages.
- the replay attack initiated by an illegal mobile terminal can be prevented to the maximum extent.
- Fig. 5 shows a structural diagram of a real time data service system for implementing the method of the present invention.
- the system comprises: an AP, a real time data service server and an authentication server, in which, the real time data service server is used, after the mobile terminal accesses the real time data service system by adopting the way of authentication and key management based on pre-shared key and starts the real time data service, for sending the audio/video data messages of the real time data service to the mobile terminal through the AP;
- the AP is used for forwarding the audio/video data messages of the real time data service to the mobile terminal, and sending a signature verification request to the mobile terminal when the duration in which forwarding the audio/video data messages exceeds the preview duration threshold or the data size of the forwarded audio/video data messages exceeds the preview data size threshold;
- the AP is used, after receiving a signature value generated by the mobile terminal by using a private key corresponding to the WAPI certificate of the mobile terminal, for verifying the signature value by using a public key
- the AP is further used, after receiving the signature verification response, for sending the certificate verification request comprising the WAPI certificate of the mobile terminal to the authentication server, and determining whether the WAPI certificate is a valid certificate according to the certificate verification result returned by the authentication server; verifying the signature value if the WAPI certificate is a valid certificate; and stopping forwarding the audio/video data messages of the real time data service to the mobile terminal if the WAPI certificate is an invalid certificate.
- the AP is further used, when sending the signature verification request, for starting the signature verification timer, and stopping forwarding the audio/video data messages of the real time data service to the mobile terminal if no signature value sent by the mobile terminal is received before the signature verification timer times out.
- the AP is further used, when sending the signature verification request, for pausing forwarding the audio/video data messages of the real time data service to the mobile terminal; and after receiving the signature verification response, continuing forwarding the audio/video data messages of the real time data service to the mobile terminal if the signature value verification is successful.
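The MPDU layout of Fig. 3 and the AP-side signature verification flow described above, as an added Python sketch (not code from the patent). Assumptions: the AP's random numbers are the data to be signed, a byte-count preview threshold triggers the request, `cert_is_valid` stands in for the authentication server, and textbook RSA over constructed primes stands in for the certificate's signature algorithm, which this text does not specify; payload encryption and MIC/FCS computation are omitted.

```python
import hashlib
import os

# Field lengths in bytes, as given for the MPDU of Fig. 3.
PN_LEN, MIC_LEN, FCS_LEN = 16, 16, 4
NORMAL, SIG_REQUEST = 0, 1  # reserved-field values from the text's example


def build_mpdu(mac_header, key_index, reserved, pn, pdu):
    """Serialise an MPDU; MIC and FCS are zero placeholders in this sketch."""
    if len(mac_header) not in (24, 30) or len(pn) != PN_LEN:
        raise ValueError("bad MAC header or PN length")
    return (mac_header + bytes([key_index, reserved]) + pn + pdu
            + bytes(MIC_LEN) + bytes(FCS_LEN))


def parse_mpdu(frame, mac_header_len):
    """Split a frame into its fields; reject frames too short to hold them."""
    trailer = MIC_LEN + FCS_LEN
    fixed = mac_header_len + 2 + PN_LEN + trailer  # 2 = key index + reserved
    if mac_header_len not in (24, 30) or len(frame) < fixed:
        raise ValueError("malformed MPDU")
    off, end = mac_header_len, len(frame) - trailer
    return {"key_index": frame[off], "reserved": frame[off + 1],
            "pn": frame[off + 2:off + 2 + PN_LEN],
            "pdu": frame[off + 2 + PN_LEN:end],
            "mic": frame[end:end + MIC_LEN], "fcs": frame[end + MIC_LEN:]}


# Constructed stand-in key pair: textbook RSA over two Mersenne primes. It only
# shows "sign with the private key, verify with the public key"; not for real use.
_P, _Q, PUB_E = 2**127 - 1, 2**89 - 1, 65537
PUB_N = _P * _Q
PRIV_D = pow(PUB_E, -1, (_P - 1) * (_Q - 1))


def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, d, n):
    return pow(_h(data, n), d, n)


def verify(data, signature, e, n):
    return pow(signature, e, n) == _h(data, n)


class AccessPoint:
    """AP-side gate: preview, then challenge, then resume or stop forwarding."""

    def __init__(self, preview_bytes, timeout_s, cert_is_valid):
        self.preview_bytes, self.timeout_s = preview_bytes, timeout_s
        self.cert_is_valid = cert_is_valid  # stands in for the authentication server
        self.state, self.sent, self.cache = "PREVIEW", 0, []
        self.nonce = self.deadline = self.request = None

    def on_av_message(self, msg, now):
        """Return the audio/video messages forwarded to the terminal right now."""
        if self.state == "CHALLENGED" and now > self.deadline:
            self.state, self.cache = "STOPPED", []  # timer expired, no response
        if self.state == "STOPPED":
            return []
        if self.state == "CHALLENGED":
            self.cache.append(msg)  # paused: cache until verification completes
            return []
        self.sent += len(msg)
        if self.state == "PREVIEW" and self.sent > self.preview_bytes:
            self.nonce = os.urandom(32)  # fresh random data to be signed
            self.state, self.deadline = "CHALLENGED", now + self.timeout_s
            pn = (1).to_bytes(PN_LEN, "big")  # placeholder packet number
            self.request = build_mpdu(bytes(24), 0, SIG_REQUEST, pn, self.nonce)
        return [msg]

    def on_response(self, signed_data, signature, cert, now):
        """Check a signature verification response; return cached messages to flush."""
        if self.state != "CHALLENGED":
            return []
        ok = (now <= self.deadline
              and signed_data == self.nonce  # must be the data this AP issued
              and self.cert_is_valid(cert)
              and verify(signed_data, signature, *cert["public_key"]))
        self.state = "VERIFIED" if ok else "STOPPED"
        flushed, self.cache = (self.cache if ok else []), []
        return flushed


def terminal_respond(frame, cert, priv_d):
    """Terminal side: sign the PDU of a signature verification request."""
    fields = parse_mpdu(frame, 24)
    if fields["reserved"] != SIG_REQUEST:
        return None  # normal MPDU, nothing to sign
    n = cert["public_key"][1]
    return fields["pdu"], sign(fields["pdu"], priv_d, n), cert
```

Because the AP compares the signed data with the random numbers it issued for this request, a response captured from an earlier session fails the check even though its signature is valid.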
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Multimedia (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Graphics (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
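CN2009101421613A CN101583083B (zh) | 2009-06-01 | 2009-06-01 | Method for implementing real time data service and real time data service system |
PCT/CN2009/075417 WO2010139163A1 (zh) | 2009-06-01 | 2009-12-08 | Method for implementing real time data service and real time data service system |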
Publications (3)
Publication Number | Publication Date |
---|---|
EP2426873A1 (en) | 2012-03-07 |
EP2426873A4 (en) | 2014-02-12 |
EP2426873B1 (en) | 2015-04-29 |
Family
ID=41364987
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP09845443.2A Not-in-force EP2426873B1 (en) | 2009-06-01 | 2009-12-08 | Method for implementing the real time data service and real time data service system |
Country Status (4)
Country | Link |
---|---|
US (1) | US8745396B2 (zh) |
EP (1) | EP2426873B1 (zh) |
CN (1) | CN101583083B (zh) |
WO (1) | WO2010139163A1 (zh) |
2009
- 2009-06-01 CN CN2009101421613A patent/CN101583083B/zh not_active Expired - Fee Related
- 2009-12-08 WO PCT/CN2009/075417 patent/WO2010139163A1/zh active Application Filing
- 2009-12-08 EP EP09845443.2A patent/EP2426873B1/en not_active Not-in-force
- 2009-12-08 US US13/257,940 patent/US8745396B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN101583083A (zh) | 2009-11-18 |
CN101583083B (zh) | 2011-11-30 |
EP2426873A1 (en) | 2012-03-07 |
EP2426873A4 (en) | 2014-02-12 |
US8745396B2 (en) | 2014-06-03 |
US20120102328A1 (en) | 2012-04-26 |
WO2010139163A1 (zh) | 2010-12-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20111130 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
A4 | Supplementary search report drawn up and despatched |
Effective date: 20140114 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04W 12/06 20090101ALI20140930BHEP Ipc: H04W 88/08 20090101ALI20140930BHEP Ipc: H04L 9/32 20060101ALI20140930BHEP Ipc: H04W 12/10 20090101ALI20140930BHEP Ipc: H04L 29/06 20060101ALI20140930BHEP Ipc: H04L 12/70 20130101AFI20140930BHEP Ipc: H04N 21/266 20110101ALI20140930BHEP Ipc: H04L 12/28 20060101ALI20140930BHEP Ipc: H04N 21/2347 20110101ALI20140930BHEP |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 602009031018 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04L0012560000 Ipc: H04N0021258000 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04W 12/10 20090101ALI20141222BHEP Ipc: H04L 29/06 20060101ALI20141222BHEP Ipc: H04N 21/258 20110101AFI20141222BHEP Ipc: H04N 21/6334 20110101ALI20141222BHEP Ipc: H04L 9/32 20060101ALI20141222BHEP Ipc: H04N 21/8549 20110101ALI20141222BHEP Ipc: H04N 21/41 20110101ALI20141222BHEP Ipc: H04L 12/28 20060101ALI20141222BHEP Ipc: H04N 21/266 20110101ALI20141222BHEP Ipc: H04N 21/2347 20110101ALI20141222BHEP Ipc: H04W 88/08 20090101ALI20141222BHEP Ipc: H04W 12/06 20090101ALI20141222BHEP |
|
INTG | Intention to grant announced |
Effective date: 20150127 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 724995 Country of ref document: AT Kind code of ref document: T Effective date: 20150515 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602009031018 Country of ref document: DE Effective date: 20150611 |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: VDEP Effective date: 20150429 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 724995 Country of ref document: AT Kind code of ref document: T Effective date: 20150429 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150729 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150831 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150829 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150730 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 7 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602009031018 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: RO Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20150429 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20160201 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20151231 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20151208 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20151231 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20151231 Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20151208 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 8 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20091208 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 9 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20150429 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20200113 Year of fee payment: 11 Ref country code: DE Payment date: 20200107 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20200113 Year of fee payment: 11 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 602009031018 Country of ref document: DE |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20201208 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20201231 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20201208 Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210701 |